Nettitude Blog

Firewalls are designed to form a protective barrier between your internal systems and untrusted outside networks. However, you must be certain that this part of your IT infrastructure has been installed and configured correctly. Otherwise, you risk malware being inserted or valuable data being stolen from your private systems.

This is where rigorous firewall penetration testing comes in. These simulated cyber-attacks locate, investigate and test for vulnerabilities from both outside intruders and internal threats. This way, your company will know where its weaknesses exist and have a plan to address any cybersecurity concerns.

When specifying cybersecurity testing for your organisation you’ll come across various approaches. Penetration testing and bug bounty programmes are two likely options.

But is this an either-or situation? We highlight the main differences between bug bounty and penetration testing and explain why they actually complement each other, keeping your organisation as safe as possible, 365 days a year.

Cybersecurity testing is more crucial than ever. Whilst you’re probably familiar with our penetration testing services, you might not know about our bug bounty platform. And yet, it’s incredibly valuable to maximise your security.

Nettitude has added another string to its penetration testing bow today, following confirmation from CREST – the not-for-profit organisation that serves the needs of the technical information security marketplace – that our testing team has successfully achieved full CREST STAR (Simulated Target Attack & Response) status. STAR is arguably one of the most sophisticated approaches for delivering penetration testing. Through combining comprehensive threat data with a “Red Team” style of testing, STAR assessments are designed to deliver some of the strongest levels of assurance available to organisations across the globe.

You can’t have failed to notice the media storm in the IT and security press around the recent vulnerability in the bedrock of the internet – SSL. The service designed to be protecting our data when sent over the big bad public wire has been wide open since early 2012 within many OpenSSL deployments (unpatched OpenSSL 1.01 or 1.02beta).

There has been a lot of talk both at Nettitude and all over the world over the last 24-hours regarding the Heartbleed bug.  This is possibly the biggest kink in the armor of SSL ever found, due to the fact that it affects such a large portion of hosts on the internet¹.

Here at Nettitude, we have been delivering penetration tests for clients for more than a decade.  Over the last 10 years we have really seen the industry mature. Many organisations understand what penetration testing is, and as a consequence it has become an integral part of many organisations information security program. However, more often than not, organisations ask us to focus on the technical aspects of a penetration test, and ignore the social aspects. In many instances, we are told that ‘management’ don’t want to look at social engineering, and as a consequence, can we provide services that focus on the technology only?